If I understood your query correctly, then there is no issue with security of re-transmitted packets. MAC layer ensures data delivery by using HARQ mechanism, in which there is no need of re-transmission of same packet again and again. MAC layer doesn't modify the content of a packet receives from the upper layer.
Even in case, when MAC HARQ gets failed, MAC reports to RLC and RLC re-sends the packet to MAC layer. RLC doesn't modify anything for the packets which it receive from the PDCP layer. When RLC's ARQ feature gets failed to deliver data, it reports "Radio Link Failure" to RRC layer and RRC layer starts a timer T301 at the eNodeB side and wait for Re-establishment Request message from an UE.
As part of re-establishment procedure, eNodeB re-activates security for an UE.
